October 30th, 2006, 08:08 AM
When using a Microsoft domain environment and I want to secure and scan all the systems for spyware and other malware, what are the steps to follow? It's a small network. Do I log in locally, or??
October 30th, 2006, 09:36 AM
What software are you using? What AV and what anti-spyware, and what versions?
Do you have Domain Admin privileges? (I am assuming you do.)
October 30th, 2006, 10:04 AM
I am afraid that you don't say what the circumstances are. Is this a one-off exercise because you think you have been compromised, or a regular event you want to set up?
If it is a serious compromise situation then the classic wisdom would be to rebuild the lot. It all depends on the particular circumstances. I would at the very least be inclined to clean each machine individually in safe mode. That may well be adequate if it is just annoying adware and such.
Hard to say without more details.
October 30th, 2006, 02:27 PM
You did kind of leave out some important information (like Cabby80 posted). It would help a lot if you told us what software you have or plan on using. If you have some kind of administrative anti-spyware software, it would probably involve installing it on the server and all the connecting clients, then doing all your scanning from a centralized server.
If it's a stand-alone anti-spyware, your options vary:
- You can install it on each client machine and scan
- You can install the anti-spyware program on a flash drive (provided you have a big enough flash drive) and scan each client (this still involves going to each machine)
- You can install the anti-spyware on each client and use a program like PsExec to open up remote command shells and run the program remotely. However, not all anti-spyware software supports command line execution so you'll have to do some research.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
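The third option above (a command-line capable scanner launched over a PsExec remote shell) is the one that lends itself to scripting. The following is an added example, not code from anyone in this thread: a PowerShell script that stages a scanner on each workstation's admin share, runs it as LocalSystem through PsExec, and records the per-host exit code so the administrator has a report rather than a pile of console output. It assumes PsExec.exe is on the PATH of the admin workstation, that you hold Domain Admin rights, and that your scanner supports silent command-line scanning; the share path, scanner path and `/silent /log` switches are placeholders to be replaced with your vendor's actual values.

```powershell
# Added example (not from the thread): run a command-line scanner on each
# domain workstation over a PsExec remote shell and collect the exit codes.
# Assumptions: PsExec.exe is on PATH, the caller is a Domain Admin, and the
# scanner in $ScannerShare supports unattended scanning. $ScannerShare and
# $ScanCommand are PLACEHOLDERS; check your vendor's documentation for the
# real switches and what each exit code means.
param(
    [string]$ComputerListFile = ".\computers.txt",                       # one hostname per line
    [string]$ScannerShare     = "\\FILESERVER\tools\scanner",            # placeholder: where the scanner lives
    [string]$ScanCommand      = "C:\tools\scanner\scan.exe /silent /log C:\tools\scan.log",  # placeholder switches
    [string]$ReportFile       = ".\scan-report.csv"
)

$results = foreach ($computer in Get-Content $ComputerListFile) {
    # Skip hosts that are powered off so PsExec does not hang on them
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        [pscustomobject]@{ Computer = $computer; Status = "offline"; ExitCode = $null }
        continue
    }

    # Stage the scanner on the client's C$ admin share
    $remoteDir = "\\$computer\C$\tools\scanner"
    try {
        New-Item -ItemType Directory -Path $remoteDir -Force -ErrorAction Stop | Out-Null
        Copy-Item -Path "$ScannerShare\*" -Destination $remoteDir -Recurse -Force -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Computer = $computer; Status = "copy failed: $($_.Exception.Message)"; ExitCode = $null }
        continue
    }

    # -s runs the scanner as LocalSystem so it can reach every user profile;
    # -n 30 caps the connection wait; PsExec returns the remote process's exit code.
    & psexec.exe "\\$computer" -s -n 30 -accepteula cmd /c $ScanCommand 2>$null
    [pscustomobject]@{ Computer = $computer; Status = "scanned"; ExitCode = $LASTEXITCODE }
}

# Keep a CSV for the records and show a summary on screen
$results | Export-Csv -Path $ReportFile -NoTypeInformation
$results | Format-Table -AutoSize
```

The report file is the useful part: a host that is "offline" or "copy failed" on several consecutive runs is worth a visit, and a non-zero exit code from the scanner tells you where cleaning (or, per the earlier advice, a rebuild) is needed without having to walk to every desk first.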
November 1st, 2006, 03:09 PM
I would recommend getting the enterprise edition of Webroot Spy Sweeper. I've had companies that have been getting totally hosed by spyware, and once I implemented this I have had no problems at all. You can push it out from any system on the domain to all the clients on the domain, so you don't actually have to put it on a domain controller. Also, in the past I have made a PE boot disk that runs its own version of Windows off a CD, which I have then put anti-spyware/virus software on and run from the CD; this has also been very effective.
January 23rd, 2007, 09:04 AM
Sorry for not replying earlier; I had some issues to deal with. What I need is to have a centralized management host that will be able to manage, monitor, update, scan, etc. any of the hosts on the network.
Suggestions on software for anti-spyware, antivirus, anti-adware, patch management (Windows environment), deployment and securing that machine, or anything that you find related, would be appreciated.
January 23rd, 2007, 09:46 PM
For central management of AV I have used both Symantec and Panda with success (make sure you use the latest versions).
We have not done any central management of AS yet. Most of our spyware is caught through our email relays (using Brightmail and Tumbleweed), Websense for browsing, and TippingPoint for the rest.
Work... Some days it's just not worth chewing through the restraints...
January 24th, 2007, 02:58 AM
It depends on how big of an environment we're talking about and how much you can afford.
Before you read this, take a look at this article to see the effectiveness of IE7's reset function.
I will tell you what I did notice and I hope it gleans some empirical evidence.
Real-world scenario: The 5000+ workstation environment I work at
The biggest thing that helped us were web and email filtering appliances. Sure, cleaning is great but that is a passive response.
Before we locked down unmonitored communications we were spinning our wheels and constantly cleaning PCs at the Help Desk. I MEAN I WAS. Then I moved to the Desktop team and suddenly the Help Desk didn't do that anymore, because I was that guy. After I left the Help Desk everyone on the Desktop team bitched about spyware, as if they hadn't seen it before (hmmm...). After I moved, I literally saw it become an enterprise issue, and others on the Desktop team noticed the coincidence as well.
We had McAfee ePO for AV management, yet I still spent a good 3 hrs/day cleaning up PCs... with cleaning software. Once we upped our email and Internet filtering it cut off the heads of what was getting us.
I remember, after turning on the switch on mail filtering, we were catching 100,000+ quarantined emails a day.
Later we bought spyware cleaning pieces but it had minimal results after content filtering.
Now, the only stuff we see is when our firewall admin notices spikes to specific IPs that are eating up bandwidth.
If it is a small environment I'd definitely research and test with local PC permissions. See what they need to operate the PC. And have a standard image that is patched.
January 24th, 2007, 10:32 AM
Thank you for the input. The organization is investing in a UTM appliance, which reduces the threats. What I wanted to find out is what solutions, tools and software are out there that will help an administrator with managing the security of the network centrally. The network is small, about 100 hosts. All Windows (AD).
Things that will save the administrators time to do other things.
February 26th, 2007, 10:14 PM
What is Brightmail Tracker?